Google Chrome will mark HTTP sites ‘Not Secure’ from July 2018 with the release of Chrome 68

If you find this article helpful why not subscribe to my RSS feed or get updates by email? and then share the article to your social networks. Thanks so much for visiting!

Have you been meaning to implement HTTPS on your website?

Well now it is critical if you want to be seen as a trusted source for your site visitors. In a recent announcement Google has confirmed that when users visit HTTP sites on Chrome they will be marked as “Not Secure” from July 2018 with the release of Chrome 68.

If you are wondering if this will really matter, you will find that Chrome is the predoninent browser used across the globe – find Irish data here and UK data here.

There has been a gradual move by Google, marking subsets of HTTP pages as “not secure” as I wrote in my original post.

This article has been updated on 17 February 2018 to reflect these changes. It was originally published on 18 August 2018 and you can see the original post below.

You may have noticed that people have been posting online about receiving this notification from Google:

Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.

The following URLs on your site include text input fields (such as < input type=”text” > or < input type=”email” >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data. This list is not exhaustive.

[list]

The new warning is part of a long term plan to mark all pages served over HTTP as “not secure”.

Here’s how to fix this problem:

Migrate to HTTPS

To prevent the “Not Secure” notification from appearing when Chrome users visit your site, only collect user input data on pages served using HTTPS.

If you have been paying close attention to the topic of site security, these warnings it will not be a surprise.

Back in 2016 Google wrote about the steps it was taking to provide a more secure Internet which you can read here.

They even went as far as publishing a Transparency Report coverig both public and private data sources to track the HTTPS state of the top 100 non-Google sites on the Internet (probably accounting for 25% of all website traffic worldwide) and you can see whiich sites are secure (or not), some of which may surporise you.

Several months ago I went to a meetup of WordPress users and the developers there were surprised that my site which is not accepting online payments directwas already set up for HTTPS (though I have a glitch or two I am trying to resolve on that still). It seems that not too many of their clients had been asking about HTTPS other than if they were ecommerce sites. Well that is about to change.

Go back and read that notice again and see how it says “Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode”. So if you have an optin form on your website and your site is not set up as HTTPS it will show on Chrome as not secure – and that probably will not instill confidence in your site visitors.

In January, we began our quest to improve how Chrome communicates the connection security of HTTP pages. Chrome now marks HTTP pages as “Not secure” if they have password or credit card fields. Beginning in October 2017, Chrome will show the “Not secure” warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.

Our plan to label HTTP sites as non-secure is taking place in gradual steps, based on increasingly broad criteria. Since the change in Chrome 56, there has been a 23% reduction in the fraction of navigations to HTTP pages with password or credit card forms on desktop, and we’re ready to take the next steps. Passwords and credit cards are not the only types of data that should be private. Any type of data that users type into websites should not be accessible to others on the network, so starting in version 62 Chrome will show the “Not secure” warning when users type data into HTTP sites.

Eventually, we plan to show the “Not secure” warning for all HTTP pages, even outside Incognito mode. We will publish updates as we approach future releases, but don’t wait to get started moving to HTTPS! HTTPS is easier and cheaper than ever before, and it enables both the best performance the web offers and powerful new features that are too sensitive for HTTP. Check out our set-up guides to get started.

Therefore today’s flurry of communications should not really be a surprise to us, as Google is just providing advance warning.

My friend MaAnna at Blogaid was straight onto this today when the news broke and her article she covers some of the things that it takes to be HTTPS for a WordPress.org site:

your database actually converted in a WordPress-aware way

a real green padlock

mixed media being secure

full security headers

proper updates to Google Analytics and Search Console

acceptance on Chrome safe site preload list (that all other browsers copy).

Read this other article from her with recommendations of why you should not a free solution with your host here.

Also check out this article that covers how to Configure Google Chrome to display certificates directly. And this article covers some FAQ’s about moving to HTTPS.

If all this sounds complex, now is the time to talk to your web development team. The purpose of my writing this article is to provide you a prompt on this important update that is coming soon.

If you have been delaying sorting out HTTPS for your site as you are not selling online, but you are collecting data, basically there is no option but to get this sorted out now – Statcounter reports that 54.27% of the worlds internet users are using Chrome as at the end of July 2017 so even if you don’t (and I don’t) use Chrome as your primary browser you can be sure that lots of your clients and prospects do.

About Krishna De

Krishna De is a professional speaker and digital communications strategist on the topics of visual content marketing, social media marketing, personal branding, online reputation, mobile brand journalism, video marketing and live video and you can find her Google Plus business page here

Schedule A Meeting With Krishna

Invite Krishna Onto Your Show

Watch My Weekly Facebook Live, Periscope And Livestream News And Tips

Recommended Resources

Search For Marketing Help

Search By Topic

Search By Topic

Subscribe By Email To Get My Latest Articles

Subscribe To Krishna’s Podcast And Live Streams

Send Krishna A Message Through Facebook Messenger

Live stream on Facebook from your desktop here

About Me

As a brand journalist, digital marketing and social media speaker, strategist, educator and mentor, I write about the latest digital marketing trends and provide tutorials and resources to help you integrate digital technologies into your marketing, social selling, crisis management and employee engagement communications

ABOUT YOU

You will find the resources on this site of assistance if you want to be more effective with your digital marketing, enhance your online visibility and manage your online reputation. Subscribe to my YouTube Channel,my podcast and my Alexa briefing for social media tutorials and the latest live streaming news and technology tips

We use cookies to enhance your experience. By using the site you consent to our cookies as per our Privacy Policy Read more

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.